Changes between Version 3 and Version 4 of FeddGeniUseCases


Ignore:
Timestamp:
Nov 12, 2009 10:57:35 AM (14 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • FeddGeniUseCases

    v3 v4  
    3434 1. Create an empty slice from the slice manager (slice manager checks researcher credentials)
    3535 2. Researcher delegates attributes to the slice
    36  3. Slice manager add or configure slice resources from components/aggregates under direction of the researcher. (slice manager checks researcher authorization for operation, components check experiment authorization to resources).
     36 3. Researcher requests operation on slice (slice manager checks researcher credentials)
     37 4. Slice manager operates on various aggregates to carry out operation (aggregates check slice credentials)
    3738
     39As a researcher may perform many operations on a slice - creating it, expanding it, configuring it, restarting it - steps 3 and 4 will cycle.
    3840
    39  
     41=== The Slice Principal and Delegation ===
     42
     43The appearance of the slice as principal facilitates three properties of the system that we argue are useful: it allows researchers to control what authority possessed by the researcher can be exerted on bahalf of the slice, it allows researchers to combine or transfer slice authority, and finally it constrains the amount of authority that the slice manager can exert on its own behalf.
     44
     45A given researcher is likely to have a range of authority/attributes available to him or her, but probably wants to constrain individual experiments to only exert some of that authority.  The possessor of a security clearance will want to perform unclassified experiments.  Delegating authority explicitly to the slice ensures that a given slice can only exercise that authority not the full authority of either the reseracher or the slice authority.  The slice prinicpal provides an entity to which those attributes can be delegated.
     46
     47That delegation is functionally distinct from the operation of the slice manager.  The researcher can issue certificates delegating whatever authority/attributes it chooses to without the slice manager needing to understand the semantics or format of them.  (For sensitive attributes, a slightly more involved delegation procedure is required.)  This frees the slice manager from dealing with these credentials beyond loading them into its ABAC negotiator for when it acts on behalf of the slice.  If the researcher is willing to publish the credentials, it need not pass them to the slice manager at all.
     48
     49This separation of delegation has another significant benefit.  Researchers can combine or transfer slice authority.  A long lived slice may change owners as the graduate student responsible for it graduates or a programmer changes jobs.  ABAC allows the slice to exert the attributes of the new "owner" by delegating a subset of that new owner's attributes to the slice (and allowing the old attribute delegations to time out).  If configuration of existing resources (and perhaps maintaining control of those resources) requires different attributes, a professor or higher ranking authority can create a slice, then pass control of it to a student or subordinate who has authority to maintain and configure the resources, but not grow the slice.